Security Operations Engineer protecting Notion’s systems and users by investigating and responding to security events. Collaborating with a global team to enhance security processes and protocols.
About the role
- Security Operations Analyst monitoring security events and responding to incidents. Collaborating with IT and Security teams to implement preventive controls and improve processes.
Responsibilities
- Continuous monitoring of security events and alerts using SIEM platforms.
- Analysis and correlation of logs to identify suspicious activity or indicators of compromise (IoCs).
- Develop security use cases aligned with frameworks such as MITRE ATT&CK and internal policies.
- Define correlation rules for threat detection (e.g., anomalous behavior, brute-force attacks, data exfiltration).
- Tune thresholds and alert logic to reduce false positives.
- Parser development and log normalization.
- Create custom parsers to integrate new log sources into the SIEM.
- Ensure data normalization (mapping to standard fields such as IP, user, action).
- Validate log quality and consistency to prevent correlation failures.
- Work with common formats (Syslog, JSON, XML) and protocols (CEF, LEEF).
- Operation and automation with SOAR, creating playbooks for fast and efficient response.
- Triage and handling of security incidents according to criticality and impact.
- Investigations across endpoints, networks and applications to determine root cause.
- Escalation and communication with internal teams and vendors when necessary.
- Detailed documentation of incidents, actions taken, and mitigation recommendations.
- Contribute to continuous improvement of monitoring and response processes.
- Participate in incident simulation and tabletop exercises.
- Collaborate with IT and Security teams to implement preventive controls.
Requirements
- Bachelor's degree in Information Security, Cyber Defense, IT or related fields.
- Postgraduate degree in Cyber Security, Forensics, Intelligence or Security Architecture is a plus.
- Experience with SIEMs (Splunk, QRadar, SecOps, Elastic, Sentinel).
- Experience in security incident response.
- Experience with Windows and Linux operating systems.
- Knowledge of query languages (SPL, AQL, KQL).
- Familiarity with regex for parser creation.
- Understanding of log formats and protocols.
- Basics of SOAR automation (Python, YAML).
- Knowledge of MITRE ATT&CK, IOCs, and TTPs.
- Knowledge and hands-on experience with security solutions such as WAF, Firewall, IPS, Anti-Malware, EDR, ATP for detection and containment of security incidents.
- Availability for on-call shifts on weekends and holidays.
- Clear and assertive communication skills.
- Teamwork and collaboration.
- Curiosity and continuous learning.
- Ethics and responsibility.
- Analytical and critical thinking.
- Attention to detail.
- Proactivity.
- Resilience and emotional control.
Benefits
- Health and dental insurance
- Meal allowance (Caju)
- Life insurance
- Home office allowance
- Profit-sharing (PLR)
- Private pension plan
- Childcare assistance
- WellHub (Gympass)
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
SecOps Engineer at Aristocrat maintaining security for innovative iGaming platforms and collaborating with cross - functional teams. Focused on AWS services security and compliance assessments.
Cybersecurity Incident Response Analyst handling security events and incidents at Var Group in a hybrid work environment. Focused on ensuring response to security incidents and improving security processes.
Cybersecurity Incident Response Analyst handling security incidents and threats. Working in a hybrid environment at Yarix, a leader in digital evolution.
IAM Security Ops Analyst overseeing access management for clinical trial applications at Syneos Health. Collaborating with IT and compliance teams to enforce IAM policies and improve operational performance.
Fraud Operations Group Manager responsible for managing fraud management policies in the Operations Services team. Leading teams in minimizing fraud impacts while ensuring compliance and operational objectives.
Information Security Analyst responsible for security operations, threat hunting, and incident response at Bellinati Perez. Involves collaboration with internal teams and use of advanced security tools.
Senior SOC Analyst specializing in security operations and incident response at PEXA, advancing digital property solutions in the UK. Collaborating with teams to enhance security measures and respond to incidents.
Security Monitoring Analyst developing XDR detection rules for cybersecurity at ESET. Actively contributing to threat defense innovation while monitoring security environments.
Overseeing global security operations across 81 sites for QVC Group, a Fortune 500 live shopping company. Managing security programs with expertise in investigations and crisis management.